Remarks 

The above Amendments and these Remarks are in reply to the Office Action mailed 
September 29, 2006. A Petition for Extension of Time is submitted herewith, together with the 
appropriate fee. 

I. Summary of Examiner's Rejections 

Prior to the Office Action mailed September 29, 2006, Claims 57-58, 63-64, 72-73, 81-82 
and 90-95 were pending in the Application. In the Office Action, Claims 57, 63, 72 and 81 were 
rejected under 35 U.S.C. 103(a) as being unpatentable over Brownlie et al. (U.S. Patent No. 
6,202,157, hereinafter Brownlie) in view of Gai et al. (U.S. Patent No. 6,167,445, hereinafter 
Gai) and further in view of Guedalia et al. (U.S. Patent No. 6,148,333, hereinafter Guedalia). 
Claims 58, 64, 73 and 82 were rejected under 35 U.S.C. 103(a) as being unpatentable over 
Brownlie, Gai and Guedalia and further in view of Luckenbaugh (U.S. Patent No. 5,991,887). 
Claims 91, 93 and 95 were rejected under 35 U.S.C. 103(a) as being unpatentable over 
Brownlie, Gai, Guedalia and Luckenbaugh and further in view of Balassanian (U.S. Patent No. 
6,324,685). Claims 57, 63, 72 and 81 were provisionally rejected on the ground of nonstatutory 
obviousness-type double patenting as being unpatentable over Claims 1, 11 and 21 of 
co-pending Application No. 11/171,104, in view of Guedalia. 

II. Summary of Applicant's Amendment 

The present Response amends Claims 57, 63, 72 and 81, leaving for the Examiner's 
present consideration Claims 57-58, 63-64, 72-73, 81-82 and 90-95. Reconsideration of the 
Application, as amended, is respectfully requested. Applicant respectfully reserves the right to 
prosecute any originally presented or canceled claims in a continuing or future application. 

III. Claim Rejections under 35 U.S.C. § 103(a) 

In the Office Action mailed September 29, 2006, Claims 57, 63, 72 and 81 were rejected 
under 35 U.S.C. 103(a) as being unpatentable over Brownlie et al. (U.S. Patent No. 6,202,157, 
hereinafter Brownlie) in view of Gai et al. (U.S. Patent No. 6,167,445, hereinafter Gai) and 
further in view of Guedalia et al. (U.S. Patent No. 6,148,333, hereinafter Guedalia). Claims 58, 
64, 73 and 82 were rejected under 35 U.S.C. 103(a) as being unpatentable over Brownlie, Gai 
and Guedalia and further in view of Luckenbaugh (U.S. Patent No. 5,991,887). Claims 91, 93 
and 95 were rejected under 35 U.S.C. 103(a) as being unpatentable over Brownlie, Gai, 
Guedalia and Luckenbaugh and further in view of Balassanian (U.S. Patent No. 6,324,685). 

Claim 57 

Claim 57 has been amended to more clearly define the embodiment therein. As 
amended, Claim 57 defines: 



57. A system for maintaining security in a distributed computing environment, 
comprising: 

a policy manager located on a server for: 

creating a local security policy derived from a global security policy, said 
global security policy including a plurality of rules applicable to all 
application guards in the system, wherein creating the local 
security policy includes selecting a subset of the plurality of rules 
of the global security policy, said subset being applicable to a 
specific application guard at a client; and for 
distributing the local security policy to said client wherein the local 
security policy includes the subset of rules customized to the 
client, said subset of rules including a set of grant rules that allow 
access to securable components and a set of deny rules that 
prevent access to said securable components; and 
an application guard located at the client for managing access by individual 
transactions to securable components at a client level as specified by 
the local security policy, the securable components including at least one 
application wherein said application guard is integrated into said 
application; 

wherein the application guard receives an authorization request including a 
subject, an object and a privilege and evaluates said request by matching 
the subset of rules received from the policy manager to said subject, said 
object and said privilege in order to control access to said securable 
components. 



As amended, Claim 57 defines a policy manager that is configured to create a local 
security policy derived from a global security policy. The global security policy includes all rules 
applicable to all application guards and clients throughout the distributed system. As such, the 
local security policy is created by selecting a subset of those rules of the global policy where 
that subset is only applicable to a specific application guard at a specific client. Once this local 
security policy is created, it is then distributed to the client for managing access thereon by the 
application guard. The application guard is integrated into an application and thus can control 
access to specific portions of the application based on the received local security policy. 

The advantages of the features in Claim 57 include the ability to have a global security 
policy which can be centrally updated, edited, and analyzed, as well as a number of local 
security policies which are derived from the global policy and used to manage access to specific 
applications. 

Applicant respectfully submits that Brownlie in combination with Gai and Guedalia 
(hereinafter, the cited references) fail to disclose the features of Claim 57, as amended. 

Firstly, the cited references fail to disclose a global security policy and a local security 
policy derived from the global policy, as defined in Claim 57. In the Office Action it was agreed 
that Brownlie fails to disclose these features of Claim 57 (Office Action page 3). It was 
proposed, however, that Gai teaches these features at column 18, lines 24-35. Applicant 
respectfully disagrees. Gai does not appear to be at all concerned with a global security policy 
nor a local security policy. Rather, it merely describes high-level network traffic policies which 
control traffic management, classify packets, etc. (Gai, Abstract). There does not appear to be 
any disclosure of a global security policy that includes access rules applicable to all application 
guards in the system, as defined in Claim 1. Furthermore, there is no disclosure whatsoever of 
creating a local security policy by selecting a subset of the rules from the global security policy, as 
defined in Claim 1. At most, Gai appears to teach a global network traffic policy that applies to 
all network devices and a local network traffic policy that applies to a specific network device 
interface (Gai, col. 18, lines 24-35). Presumably this is done because of the different types of 
traffic that each device may be handling. However, network traffic policies are entirely different 
from security policies, as defined in Claim 57. More importantly, Gai does not appear to be at all 
concerned with deriving a local security policy by selecting a subset of access rules from the 
global policy in order to create the local security policy, as defined in Claim 57. 

Similarly, Brownlie fails to fix the shortcomings of Gai in teaching these features of Claim 
57. At most, Brownlie appears to disclose that the central server "receives the variable security 
policy rule data from the administrator interface" and "serves as the central policy data 
distribution source" (Brownlie, col. 3, lines 54-65). As such, the security policy data (password 
length limits) appear to be separately customized by the administrator for each network node. 
Once again there is no disclosure of a global security policy nor a local security policy and more 
specifically there is no disclosure whatsoever of creating the local security policy by selecting a 
subset of rules from the global policy that is applicable to a specific application guard at a client, 
as defined in Claim 57. This feature of Claim 57 can enable a global enterprise security policy 
that can be maintained, edited and analyzed in a central place, while at the same time providing 
local policies for specific and custom access control at each application guard. None of the cited 
references appear to be concerned with such functionality. 

Secondly, the cited references fail to disclose an application guard that is integrated 
into an application and that manages access by individual transactions to various portions of the 
application based on the local security policy, as defined in Claim 57. The design and 
integration of the application guard is fundamental to providing access control to business level 
objects within an application since the authorization services have visibility to those named 
policy objects within the application (Specification, p.26). In the Office Action, Guedalia was 
cited as disclosing the features of allowing or preventing access based on a user request that 
includes a subject, object and privilege (Office Action p.3). Applicant respectfully disagrees. 
Guedalia merely appears to teach an image server that checks the user identification and user 
password in order to determine whether to provide the image for display (col. 9, line 53 - col. 
10, line 22). There is no disclosure whatsoever of an application guard that is integrated into an 
application, as defined in Claim 57. Furthermore, there is no disclosure of managing access 
based on a local policy which has been derived from a global policy, as defined in Claim 57. 

In view of the above comments, Applicant respectfully submits that Claim 57, as 
amended, is neither anticipated by, nor obvious in view of the cited references, and 
reconsideration thereof is respectfully requested. 

Claims 63, 72 and 81 

Claims 63, 72 and 81, while independently patentable, recite limitations that, similarly to 
those described above with respect to claim 57, are not taught, suggested nor otherwise 
rendered obvious by the cited references. Reconsideration thereof is respectfully requested. 

Claims 58, 64, 73, 82 and 90-95 

Claims 58, 64, 73, 82 and 90-95 are not addressed separately, but it is respectfully 
submitted that these claims are allowable as depending from an allowable independent claim, 
and further in view of the comments provided above. Applicant respectfully submits that Claims 
58, 64, 73, 82 and 90-95 are similarly neither anticipated by, nor obvious in view of the cited 
references, and reconsideration thereof is respectfully requested. 

It is also submitted that these claims also add their own limitations which render them 
patentable in their own right. Applicant respectfully reserves the right to argue these limitations 
should it become necessary in the future. 

IV. Provisional Double Patenting Rejections 

In the Office Action mailed September 29, 2006, Claims 57, 63, 72 and 81 were 
provisionally rejected on the ground of nonstatutory obviousness-type double patenting as being 
unpatentable over Claims 1, 11 and 21 of co-pending Application No. 11/171,104, in view of 
Guedalia. The present Response hereby amends Claims 57, 63, 72 and 81 in order to more 
clearly define the embodiment therein. Applicant respectfully submits that as amended, the 
claims are not obvious over Claims 1, 11 and 21 of co-pending Application 11/171,104 in view 
of Guedalia and reconsideration thereof is respectfully requested. Furthermore, Applicant 
respectfully notes that this is a provisional double patenting rejection and is prepared to address 
it further in the event that it is made final. 

V. Conclusion 

In view of the above amendments and remarks, it is respectfully submitted that all of the 
claims now pending in the subject patent application should be allowable, and reconsideration 
thereof is respectfully requested. The Examiner is respectfully requested to telephone the 
undersigned if he can assist in any way in expediting issuance of a patent. 

Enclosed is a PETITION FOR EXTENSION OF TIME UNDER 37 C.F.R. § 1.136 for 
extending the time to respond up to and including January 29, 2007. 

The Commissioner is authorized to charge any underpayment or credit any overpayment 
to Deposit Account No. 06-1325 for any matter in connection with this response, including any 
fee for extension of time, which may be required. 

Respectfully submitted, 

Date: January 29, 2007 By: /Justas Geringson/ 

Justas Geringson 
Reg. No. 57,033 

Customer No.: 23910 
FLIESLER MEYER LLP 
650 California Street, 14th Floor 
San Francisco, California 94108 
Telephone: (415)362-3800 
Fax: (415)362-2928 